It took a little longer than expected to get all the right flags to
shoehorn the latest version of apache onto the mail system but, it has
been steady on for about 30+ mins now so I think the fix is good...for
now. I'd suggest disabling mod_proxy if you can't upgrade your own
apache httpd to 2.2.13 and be sure that it's configured to not
advertise the signature or mods as this is a fairly recent DoS and it
is a very effective on in that it consumes most/all available CPU. See http://httpd.apache.org/security/vulnerabilities_22.html
Sorry about the short/no notice on taking the web service down, but
once I tracked down the problem, I was a bit too focused on getting it
fixed and keeping mail flowing to send out announcement about
something I a) wasn't sure the upgrade would fix or b) should have
been self-evident, e.g. web interface broken.
e.
_______________________________________________
website-discuss mailing list
[email protected]
